The U.S. government needs to do more at home and at war to protect its computer systems, the head of the military's Cyber Command said Thursday. He urged that a "secure zone" be created for federal agencies, financial networks and critical infrastructure.
Gen. Keith Alexander said making those vital U.S. networks more secure must be done carefully so it does not affect the millions of people in the United States who use the Internet every day.
Finding a way to meet both goals will take time and debate but is necessary to protect the systems from the growing threat of attacks from other countries and criminals.
At the same time, he told a congressional panel that he sent a special cyber operations unit to Afghanistan to help shore up the networks that commanders and troops use to communicate and run the war. If the military networks fail, it would be difficult to fight the war, he said, adding that transmitting intelligence to the forces and working with allies depend on those communications.
Security of those systems is not where it should be, he said, but the military is making progress.
Making domestic networks more secure is a thornier issue. The White House, Congress and industry leaders are at loggerheads over any hint of government control, regulation or influence over the Internet. They are struggling to come up with a solution that protects national security without appearing to limit or monitor people's online activities.
Alexander told a small group of reporters Wednesday evening that federal officials are hashing out how best to conduct cyberwarfare and how to respond to an attack that knocks out banking systems, shuts off electricity or takes control of a nuclear power plant.
"You could come up with what I would call a secure zone, a protected zone, that you want government and critical infrastructure to work in that part," said Alexander, who also testified Thursday before the House Armed Services Committee. "At some point it's going to be on the table. The question is how are we going to do it."
He added that setting up such a system "technically is fairly straightforward. The hard part is working through making sure everyone is satisfied with what we're going to do," and explaining it to the American public.
Federal and commercial computer networks are scanned and attacked millions of times a day by hackers, criminals and other countries. Their goals are to steal money, ferret out sensitive data or disrupt and destroy critical operations.
Alexander said the administration's internal discussions are looking at whether federal agencies — including his Cyber Command, the FBI or the Department of Homeland Security — need new powers to take action during computer attacks.
As much as 85 percent of the nation's critical infrastructure is owned and operated by private companies, from nuclear and electric power plants to transportation and manufacturing systems.
In his session with reporters at the National Cryptologic Museum, home to some of the country's early computers, Alexander talked at length about the need for government to work with private industry to protect the systems that run daily life.
Under agreement with the reporters, his comments were not for release until the House hearing began.
He said that right now he does not see terrorist groups as a major cyberthreat, but that could change.
In his prepared testimony for the hearing, Alexander warned that deterring enemies in the cyberworld will not be easy and could take years to achieve.
He said it will require progress in the military's ability to defend its networks and strike back against the source of Internet attacks. The U.S., he said, must develop counterattacks "that adversaries know we will use if we deem necessary."
Committee chairman Ike Skelton, a Democrat, said Congress needs to know what the Pentagon needs to build up its cyber resources, noting that computer-based threats are daunting and will be a big part of the future of warfare.
He reeled off the rapidly growing statistics of today's online culture: 1.9 billion Internet users; 4.6 billion cellular subscribers; an average of 247 billion e-mails sent each day this year; and $300 billion in intellectual property stolen over computer networks this year.
Alexander assumed control of Cyber Command in May. He said the budget for this year is about $120 million, and that probably will grow to about $150 million in 2011.
The money pays for about 1,000 military and civilian workers, including those who staff a 24-hours-a-day operations center that monitors and defends the Defense Department's computer networks.
With a nod to critics, Alexander pledged that the Cyber Command will comply with all privacy and civil liberties laws.
"We have to get this right, as I believe the security of our nation depends on it," he said.